Layer-3 Switching Solution

Source: Internet
Author: User

There are several independent LANs (M, A, B, C, D, E), each assigned a different class C address, and a 3Com SuperStack4900 layer-3 switch. Currently, the layer-3 switch is used to implement communication between A, B, C, D, and E, but they cannot communicate with M.
To configure the ports of the central switch, the solution is as follows:

Access Control List (ACL)

The access control list (ACL) is a list of commands applied to a router interface. With the development of network applications and technologies, this technology has also been applied to some core routing switches and even edge switches, in order to achieve distributed and effective control in all parts of the network. The ACL tells the router (switch) which data packets to accept and which to reject. Whether a packet is accepted or rejected is determined by specific conditions such as the source address, destination address, and port number.

By classifying the destination addresses in the access control list, the ACL manages communication traffic and processes undetermined data packets. The ACLs of each specific interface are sorted and processed, so that all communication traffic through that interface must be checked against the conditions specified by the ACL.

ACLs apply to all routed protocols, such as IP and IPX. When data packets of these protocols pass through a router (switch), you can use an ACL to filter them. You can configure an ACL on a router (switch) to control access to a network or subnet. The ACL controls whether packets are forwarded or blocked at the router (switch) interface, and in this way filters network communication traffic. The router (switch) tests each packet against the conditions specified in the ACL. A condition can be the source address or destination address of the data packet, the upper-layer protocol, or other factors.

ACLs are defined per protocol. In other words, if you want to control the communication data flow of a protocol, you must define a separate ACL for this protocol at the interface (for some protocols, the ACL is like a filter). For example, to configure a router (switch) interface that supports three protocols, you must define at least three access control lists. Because access control lists can be added flexibly, the ACL is a powerful tool for network control that filters data packets entering and leaving router (switch) interfaces.

You can create an ACL to:

Limit network traffic and improve network performance. For example, an ACL can give a data packet a higher priority based on its protocol, so that the router (switch) processes it ahead of other traffic. This queuing ensures that the router (switch) can discard unnecessary data packets, which limits network traffic and reduces network congestion.

Provide communication traffic control measures. For example, an ACL can limit or simplify the length of routing update information, which is often used to limit the traffic passing through a certain network segment of the router.

Provide basic security measures for network access. For example, an ACL can allow one host to access a network and prevent another host from accessing the same network.

Decide, at the router (switch) interface, which types of communication traffic are forwarded and which are blocked.

The ACL method has been tried to implement the above functions. The summary is as follows:
Assign a different class C address to each port, and set the corresponding gateway addresses on the IP interfaces to enable communication between the different ports. Then configure ACL access control to restrict the communication between some ports.
Unfortunately, it is not the best solution.
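
The ACL approach summarized above can be modelled in a few lines of Python. This is an added example, not code from the original page or a 3Com configuration: the 192.168.x.0/24 addressing, the names Rule, evaluate and build_acl, the first-match evaluation with default deny, and the policy shown (A to E reach each other, nothing exchanges traffic with M) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    src: str                      # source network in CIDR form
    dst: str                      # destination network in CIDR form
    proto: Optional[str] = None   # None matches any upper-layer protocol
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, src_ip, dst_ip, proto, dport):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.proto in (None, proto)
                and self.dport in (None, dport))

def evaluate(acl, src_ip, dst_ip, proto="tcp", dport=None):
    """Return (action, rule index); the first match decides, no match denies."""
    for index, rule in enumerate(acl):
        if rule.matches(src_ip, dst_ip, proto, dport):
            return rule.action, index
    return "deny", None  # default deny is an assumption of this model

# Constructed addressing plan: one class C (/24) network per switch port.
LANS = {name: f"192.168.{i}.0/24" for i, name in enumerate("MABCDE")}

def build_acl(lans, isolated="M"):
    """Deny traffic to and from the isolated LAN, then permit the other LANs."""
    any_net = "0.0.0.0/0"
    return [
        Rule("deny", lans[isolated], any_net),
        Rule("deny", any_net, lans[isolated]),
        # Supernet covering every LAN in the constructed plan above.
        Rule("permit", "192.168.0.0/16", "192.168.0.0/16"),
    ]

ACL = build_acl(LANS)
# Same rules with the broad permit first: it shadows both deny rules.
MISORDERED = [ACL[2], ACL[0], ACL[1]]

if __name__ == "__main__":
    for src, dst in [("192.168.1.10", "192.168.3.20"),   # A -> C
                     ("192.168.1.10", "192.168.0.5"),    # A -> M
                     ("192.168.0.5", "192.168.2.9")]:    # M -> B
        print(src, "->", dst, evaluate(ACL, src, dst), evaluate(MISORDERED, src, dst))
```

With MISORDERED, traffic to and from M is permitted by rule 0 and the deny rules are never reached, which is why rule order has to be reviewed whenever an ACL is used to separate ports.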

Collecting solutions ......

 
